Is there way to fix this on Nextcloud Hub 25 Autumn (32.0.6)? This report was on the ZAP Report
"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate
certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data
injection attacks. These attacks are used for everything from data theft to site defacement
or distribution of malware. CSP provides a set of standard HTTP headers that allow website
owners to declare approved sources of content that browsers should be allowed to load on
that page — covered types are JavaScript, CSS, HTML frames, fonts, images and
embeddable objects such as Java applets, ActiveX, audio and video files."
URL https:///
Node
Name https:///
Method GET
Attack
Evidence
default-src 'self'; script-src 'self' 'nonce-
QPGyKhQ6rLKUTcRiZlgjzbPtNbdJek+jCjVoYpwWISU='; style-src 'self' 'unsafe-inline';
frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src
'none'; base-uri 'self';
Is there way to fix this on Nextcloud Hub 25 Autumn (32.0.6)? This report was on the ZAP Report
"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate
certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data
injection attacks. These attacks are used for everything from data theft to site defacement
or distribution of malware. CSP provides a set of standard HTTP headers that allow website
owners to declare approved sources of content that browsers should be allowed to load on
that page — covered types are JavaScript, CSS, HTML frames, fonts, images and
embeddable objects such as Java applets, ActiveX, audio and video files."
URL https:///
Node
Name https:///
Method GET
Attack
Evidence
default-src 'self'; script-src 'self' 'nonce-
QPGyKhQ6rLKUTcRiZlgjzbPtNbdJek+jCjVoYpwWISU='; style-src 'self' 'unsafe-inline';
frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src
'none'; base-uri 'self';